ICO kicks off GDPR implementation work

The ICO invited industry to meet with them this week to discuss what parts of the General Data Protection Regulation (GDPR) are causing the most concern and where clarity or guidance is needed.

Information Commissioner, Christopher Graham, calmed nerves and told how the compromise reached was far better than what was anticipated by many commentators. However, he was quick to assert that this did not mean there was not a huge amount of work to be done over the next 2 years.

To help industry become compliant with the GDPR the ICO will be creating a dedicated area of their website for the GDPR implementation phase. This will be slowly filled with detailed guidance on specific aspects of the regulation such as, the definition of personal data or consent.

Importantly, the GDPR will not change the stance of the ICO that there is more to life than enforcement. Christopher Graham told how the ICO will continue to prioritise education and proactively engage with organisations on how they can improve their data protection policy.

Delegates asked for clarification on a number of points around consent. For example, will opt-out for telemarketing and postal be maintained and how does legitimate interest relate to consent.

Around the scope of GDPR there was much confusion over what actually constitutes personal and non-personal data. Clarification is needed on where the boundary is.

There were many more questions at the event and so plenty to keep the ICO busy. They promised to take all comments away with them and use the feedback received to guide their work.

Christopher Graham said it was likely that the final GDPR text would be published in the EU Official Journal in early to mid-April and so guidance would be forthcoming after this point.

The DMA will be publishing its own guidance over the coming months and will ensure members are aware of the latest news.